Total
39749 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-27802 | 1 Episerver | 2 Episerver, Episerver Cms | 2025-11-03 | 4.8 Medium |
| The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. RTE properties (text fields), which could be used in the "Edit" section of the CMS, allowed the input of arbitrary text. It was possible to input malicious JavaScript code in these properties that would be executed if a user visits the previewed page. Attackers needed at least the role "WebEditor" in order to exploit this issue. Affected products: Version 11.X: EPiServer.CMS.Core (<11.21.4) with EPiServer.CMS.UI (<11.37.5), Version 12.X: EPiServer.CMS.Core (<12.22.1) with EPiServer.CMS.UI (<11.37.3) | ||||
| CVE-2025-27801 | 1 Episerver | 2 Episerver, Episerver Cms | 2025-11-03 | 4.8 Medium |
| The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. ContentReference properties, which could be used in the "Edit" section of the CMS, offered an upload functionality for documents. These documents could later be used as displayed content on the page. It was possible to upload SVG files that include malicious JavaScript code that would be executed if a user visited the direct URL of the preview image. Attackers needed at least the role "WebEditor" in order to exploit this issue. Affected products: Version 11.X: EPiServer.CMS.Core (<11.21.4) with EPiServer.CMS.UI (<11.37.5), Version 12.X: EPiServer.CMS.Core (<12.22.1) with EPiServer.CMS.UI (<11.37.3) | ||||
| CVE-2025-27800 | 1 Episerver | 2 Episerver, Episerver Cms | 2025-11-03 | 4.8 Medium |
| The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. The Admin dashboard offered the functionality to add gadgets to the dashboard. This included the "Notes" gadget. An authenticated attacker with the corresponding access rights (such as "WebAdmin") that was impersonating the victim could insert malicious JavaScript code in these notes that would be executed if the victim visited the dashboard. Affected products: Version 11.X: EPiServer.CMS.Core (<11.21.4) with EPiServer.CMS.UI (<11.37.5), Version 12.X: EPiServer.CMS.Core (<12.22.1) with EPiServer.CMS.UI (<11.37.3) | ||||
| CVE-2025-27679 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | 6.1 Medium |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross-Site Scripting in Badge Registration V-2023-005. | ||||
| CVE-2025-27676 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | 6.1 Medium |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross-Site Scripting in Reports V-2023-002. | ||||
| CVE-2025-27654 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | 6.1 Medium |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Cross Site Scripting (XSS) V-2023-017. | ||||
| CVE-2025-27653 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | 6.1 Medium |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Preauthenticated Cross Site Scripting (XSS): Badge Registration V-2023-012. | ||||
| CVE-2025-27637 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | 6.1 Medium |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Cross-Site Scripting V-2024-016. | ||||
| CVE-2025-26065 | 1 Intelbras | 4 Rx 1500, Rx 1500 Firmware, Rx 3000 and 1 more | 2025-11-03 | 7.3 High |
| A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a visiting Wi-Fi network. | ||||
| CVE-2025-26064 | 1 Intelbras | 4 Rx 1500, Rx 1500 Firmware, Rx 3000 and 1 more | 2025-11-03 | 7.3 High |
| A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a connnected device. | ||||
| CVE-2025-24530 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-11-03 | 6.4 Medium |
| An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS. | ||||
| CVE-2025-24529 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-11-03 | 6.4 Medium |
| An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab. | ||||
| CVE-2025-24225 | 1 Apple | 2 Ipados, Iphone Os | 2025-11-03 | 6.5 Medium |
| An injection issue was addressed with improved input validation. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. Processing an email may lead to user interface spoofing. | ||||
| CVE-2024-6485 | 2 Getbootstrap, Redhat | 2 Bootstrap, Discovery | 2025-11-03 | 6.4 Medium |
| A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered. | ||||
| CVE-2024-56527 | 1 Tcpdf Project | 1 Tcpdf | 2025-11-03 | 7.5 High |
| An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message. | ||||
| CVE-2024-56519 | 1 Tcpdf Project | 1 Tcpdf | 2025-11-03 | 7.5 High |
| An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute. | ||||
| CVE-2024-47093 | 1 Nagvis | 1 Nagvis | 2025-11-03 | 8.8 High |
| Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS | ||||
| CVE-2024-47090 | 1 Nagvis | 1 Nagvis | 2025-11-03 | 6.1 Medium |
| Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS | ||||
| CVE-2024-45699 | 1 Zabbix | 1 Zabbix | 2025-11-03 | 5.4 Medium |
| The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser. | ||||
| CVE-2024-43799 | 2 Redhat, Send Project | 11 Discovery, Network Observ Optr, Openshift and 8 more | 2025-11-03 | 5 Medium |
| Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0. | ||||